Users can change the default configurations by editing the <PRODUCT_HOME>/repository/conf/identity.xml file using the information given below.

XML Elements 

| XML element | Description | Data type | Default value | Mandatory/Optional | Sample |
|---|---|---|---|---|---|
| <Server> | | | | | |
| _____<JDBCPersistenceManager> | Identity related data source configuration. | | | | |
| __________<DataSource> | | | | | |
| _______________<Name> | Include a data source name (jndiConfigName) from the set of data sources defined in master-datasources.xml. | String | N/A | Mandatory | |
| __________<SkipDBSchemaCreation> | If the identity database is created from another place and if it is required to skip schema initialization during the server start up, set the property to "true". | Boolean | FALSE | Optional | |
| _____<OpenID> | OpenID related configurations. | | | | |
| __________<OpenIDServerUrl> | This is the URL that the OpenID server (servlet) is running in. | String | N/A | Mandatory | |
| __________<OpenIDUserPattern> | URL of the pattern that can be configured for the user's OpenID. | String | N/A | Mandatory | |
| __________<OpenIDSkipUserConsent> | Set to false if the users must be prompted for approval. | Boolean | FALSE | Optional | |
| __________<OpenIDRememberMeExpiry> | Expiry time of the OpenID RememberMe token in minutes. | Int | 0 Minutes | Optional | |
| __________<UseMultifactorAuthentication> | Multifactor authentication configuration. | Boolean | FALSE | Optional | |
| __________<DisableOpenIDDumbMode> | To enable or disable OpenID dumb mode. | Boolean | FALSE | Optional | |
| __________<SessionTimeout> | OpenID session timeout in seconds. | Int | 36000 Seconds | Optional | |
| __________<AcceptSAMLSSOLogin> | Skips authentication if the valid SAML2 Web SSO browser session is available. | Boolean | FALSE | Optional | |
| __________<ClaimsRetrieverImplClass> | User claim retrieving module for OpenID. | | | | |
| _____<OAuth> | OAuth related configurations. | | | | |
| __________<AuthorizationCodeDefaultValidityPeriod> | Default validity period for Authorization Code in seconds. | Int | 300 Seconds | Optional | |
| __________<AccessTokenDefaultValidityPeriod> | Default validity period for Access Token in seconds. | Int | 3600 Seconds | Optional | |
| __________<TimestampSkew> | Timestamp skew in seconds. | Int | 300 Seconds | Optional | |
| __________<EnableOAuthCache> | Enable OAuth caching. This cache has the replication support. | Boolean | TRUE | Optional | |
| __________<TokenPersistencePreprocessor> | Configure the security measures needed to be done prior to storing the token in the database, such as hashing, encrypting, etc. | String | org.wso2.carbon.identity.oauth.preprocessor.PlainTokenPersistencePreprocessor | Optional | |
| __________<SupportedResponseTypes> | Supported OAuth2.0 response types. | Comma-separated string values | token, code | Optional | |
| __________<SupportedGrantTypes> | Supported OAuth2.0 grant types. | Comma-separated string values | authorization_code,password,refresh_token,client_credentials,urn:ietf:params:oauth:grant-type:saml2-bearer | Optional | |
| __________<OAuthCallbackHandlers> | | | | | |
| _______________<OAuthCallbackHandler> | OAuth callback handler module class name. | String | N/A | Mandatory | |
| __________<EnableAssertions> | Assertions can be used to embed parameters into the access token. | | | | |
| _______________<UserName> | This enables you to add the user name as an additional parameter if you require it. | Boolean | FALSE | Optional | |
| __________<EnableAccessTokenPartitioning> | This should be set to true when using multiple user stores and keys should be saved into different tables according to the user store. By default, all the application keys are saved into the same table. UserName Assertion should be 'true' to use this. | Boolean | FALSE | Optional | |
| __________<AccessTokenPartitioningDomains> | This includes the user store domain names and mapping to the new table name. E.g., if you provide 'A:foo.com', foo.com should be the user store domain name and 'A' represents the relevant mapping of the token store table, i.e., tokens will be added to a table called IDN_OAUTH2_ACCESS_TOKEN_A. | Comma-separated string values | N/A | Optional | |
| __________<AuthorizationContextTokenGeneration> | | | | | |
| _______________<Enabled> | This mentions whether token generation is enabled or not. | Boolean | FALSE | Optional | |
| _______________<TokenGeneratorImplClass> | Token generation class name. | String | org.wso2.carbon.identity.oauth2.token.JWTTokenGenerator | Optional | |
| _______________<ClaimsRetrieverImplClass> | Claim retrieving class name for generating a token. | | org.wso2.carbon.identity.oauth2.token.DefaultClaimsRetriever | Optional | |
| _______________<ConsumerDialectURI> | Claim Dialect URI that is used for claim retrieving. | | http://wso2.org/claims | Optional | |
| _______________<SignatureAlgorithm> | Signature algorithm used to sign the token. | | SHA256withRSA | Optional | |
| _______________<AuthorizationContextTTL> | Token time to live value. | Long | 15 Minutes | Optional | |
| __________<SAML2Grant> | Configuration related to SAML2 Grant type. | | | | |
| __________<OpenIDConnect> | | | | | |
| _______________<IDTokenBuilder> | IDToken generator implementation class name. | String | org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder | Optional | |
| _______________<IDTokenIssuerID> | The value of TokenIssuerID of the IDToken. This is a unique value and should be changed according to the deployment values. | String | OIDCAuthzServer | Optional | |
| _______________<IDTokenSubjectClaim> | This is the claim used as the subject of the IDToken. You can use different claims such as http://wso2.org/claims/emailaddress. | String | http://wso2.org/claims/fullname | Optional | |
| _______________<IDTokenCustomClaimsCallBackHandler> | Claim callback implementation class name. This is used to return custom claims with the IDToken. | String | org.wso2.carbon.identity.openidconnect.SAMLAssertionClaimsCallback | Optional | |
| _______________<IDTokenExpiration> | The expiration value of the IDToken in seconds. | Int | 300 Seconds | Optional | |
| _______________<UserInfoEndpointClaimDialect> | Defines which claim dialect should be returned from the User Endpoint. | String | http://wso2.org/claims/fullname | Optional | |
| _______________<UserInfoEndpointClaimRetriever> | Defines the implementation name of the class which builds the claims for the user info endpoint's response. | String | org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoUserStoreClaimRetriever | Optional | |
| _______________<UserInfoEndpointRequestValidator> | Implementation name of the class that validates the user info request against the specification. | String | org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInforRequestDefaultValidator | Optional | |
| _______________<UserInfoEndpointAccessTokenValidator> | Implementation name of the class that validates the access token. | String | org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoISAccessTokenValidator | Optional | |
| _______________<UserInfoEndpointResponseBuilder> | Implementation name of the class that builds the user info request. | String | org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoJSONResponseBuilder | Optional | |
| _______________<SkipUserConsent> | Set to false if the users must be prompted for approval. | Boolean | FALSE | Optional | |
| _____<MultifactorAuthentication> | | | | | |
| __________<XMPPSettings> | XMPP setting for multifactor authentication. | | | | |
| _______________<XMPPConfig> | | | | | |
| ____________________<XMPPProvider> | XMPP provider name. | String | N/A | Mandatory | |
| ____________________<XMPPServer> | XMPP server name. | String | N/A | Mandatory | |
| ____________________<XMPPPort> | XMPP server's port. | Int | N/A | Mandatory | |
| ____________________<XMPPExt> | XMPP domain. | String | N/A | Mandatory | |
| ____________________<XMPPUserName> | User name for login to XMPP server. | String | N/A | Mandatory | |
| ____________________<XMPPPassword> | Password for login to XMPP server. | String | N/A | Mandatory | |
| _____<SSOService> | | | | | |
| __________<IdentityProviderURL> | Unique identifier for IDP. This would be passed as Issuer in SAML2 response. | String | N/A | Mandatory | |
| __________<SingleLogoutRetryCount> | Number of retries that must be done if a single logout request is not received from the SP. | Int | 5 | Optional | |
| __________<SingleLogoutRetryInterval> | Interval between two retries. | Int | 60 Seconds | Optional | |
| __________<TenantPartitioningEnabled> | This would add the tenant domain as a parameter into the ACS URL. | Boolean | FALSE | Optional | |
| __________<SessionTimeout> | Remember me session timeout in seconds. | Int | 36000 Seconds | Optional | |
| __________<AttributesClaimDialect> | Claim Dialect URI that is used for claim retrieving. | String | http://wso2.org/claims | Optional | |
| __________<AcceptOpenIDLogin> | Skips authentication if the valid OpenID login session is available. | Boolean | FALSE | Optional | |
| __________<ClaimsRetrieverImplClass> | Claim retrieving class name for generating a token. | String | N/A | Mandatory | |
| __________<SAMLResponseValidityPeriod> | SAML Token validity period in minutes. | Int | 5 Minutes | Optional | |
| _____<EntitlementSettings> | | | | | |
| __________<ThirftBasedEntitlementConfig> | Thrift transport configurations for entitlement service. | | | | |
| _______________<EnableThriftService> | Enable thrift transport. | Boolean | FALSE | Optional | |
| _______________<ReceivePort> | Thrift listening port. | Int | N/A | Mandatory | |
| _______________<ClientTimeout> | Thrift session time out in seconds. | Int | N/A | Mandatory | |
| _______________<KeyStore> | Thrift key store configurations used for SSL. | | | | |
| ____________________<Location> | Key store location. | String | N/A | Mandatory | |
| ____________________<Password> | Key store password. | String | N/A | Mandatory | |
| _____<SCIMAuthenticators> | | | | | |
| __________<Authenticator> | Defines implementations of SCIM authenticator. | String | org.wso2.carbon.identity.scim.provider.auth.BasicAuthHandler and org.wso2.carbon.identity.scim.provider.auth.OAuthHandler | Optional | |
| _______________<Property> | Configuration properties of each authenticator implementation. | String | N/A | Optional | |
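
The following is an added example, not part of the original page or the product: a small review script that reads an identity.xml file and reports security-relevant settings against the defaults documented in the table. The choice of which settings to flag, the fallback to the documented default for absent elements, and the sample document (its namespace and the com.example class name are placeholders) are assumptions of this example.

```python
import xml.etree.ElementTree as ET

PLAIN = "org.wso2.carbon.identity.oauth.preprocessor.PlainTokenPersistencePreprocessor"
# (path below <Server>, documented default, rule); the rules are this example's assumptions.
CHECKS = [
    ("OpenID/OpenIDSkipUserConsent", "false", "consent"),
    ("OAuth/OpenIDConnect/SkipUserConsent", "false", "consent"),
    ("OAuth/AuthorizationCodeDefaultValidityPeriod", "300", "max"),
    ("OAuth/AccessTokenDefaultValidityPeriod", "3600", "max"),
    ("OAuth/OpenIDConnect/IDTokenExpiration", "300", "max"),
    ("SSOService/SAMLResponseValidityPeriod", "5", "max"),
    ("OAuth/TokenPersistencePreprocessor", PLAIN, "must_change"),  # hashing/encrypting hook
    ("OAuth/OpenIDConnect/IDTokenIssuerID", "OIDCAuthzServer", "must_change"),
]

def audit(xml_text):
    """Return (path, value, reason) findings for an identity.xml document."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                    # ignore any XML namespace on the tags
        el.tag = el.tag.rsplit("}", 1)[-1]
    findings = []
    for path, default, rule in CHECKS:
        node = root.find(path)
        # Assumption: an absent or empty element falls back to the documented default.
        value = ((node.text or "").strip() if node is not None else "") or default
        if rule == "consent" and value.lower() == "true":
            findings.append((path, value, "user consent prompt is skipped"))
        elif rule == "max" and not value.isdecimal():
            findings.append((path, value, "not a whole number"))
        elif rule == "max" and int(value) > int(default):
            findings.append((path, value, "exceeds documented default " + default))
        elif rule == "must_change" and value == default:
            findings.append((path, value, "still at documented default"))
    return findings

# Constructed sample; the namespace and com.example class are placeholders.
SAMPLE = """<Server xmlns="urn:example:constructed">
  <OpenID><OpenIDSkipUserConsent>true</OpenIDSkipUserConsent></OpenID>
  <OAuth>
    <AccessTokenDefaultValidityPeriod>86400</AccessTokenDefaultValidityPeriod>
    <TokenPersistencePreprocessor>com.example.HashingPreprocessor</TokenPersistencePreprocessor>
    <OpenIDConnect><IDTokenIssuerID>OIDCAuthzServer</IDTokenIssuerID></OpenIDConnect>
  </OAuth>
</Server>"""

if __name__ == "__main__":
    for path, value, reason in audit(SAMPLE):
        print(f"{path} = {value}: {reason}")
```

On the constructed sample it reports the skipped OpenID consent prompt, the 86400-second access token lifetime, and the unchanged IDTokenIssuerID.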